New Contributor
New ContributorHi Sheng,
Thanks for that link. Quartus Prime isn't mentioned anywhere on that page though.
The main thing that would concern me is that I've found .jar files under the intelFPGA directory relating to log4j (used for the Eclipse plugin). Is it possible that this hasn't been noticed and addressed yet? And could it also be used elsewhere in the program?
I'm using version 18.1, but the release notes for more recent versions don't mention log4j, so I'd assume from this that it hasn't been patched. Would this present a security vulnerability on our systems?
Kind regards,
James
Super ContributorHi jamesd1,
If you have information about a security issue or vulnerability with an Intel branded product or technology, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key .
Please provide as much information as possible, including:
The products and versions affected
Detailed description of the vulnerability
Information on known exploits
You can try the email stated above. May be can get better confirmation there.
Hope it helps.
Best regards,
Sheng
p/s: If any answer from the community or Intel support are helpful, please feel free to give Kudos.
